UbuntuUpdates.org

Package "winbind"

Name: winbind

Description:

service to resolve user and group information from Windows NT servers

Latest version: 2:4.15.13+dfsg-0ubuntu0.20.04.7
Release: focal (20.04)
Level: security
Repository: main
Head package: samba
Homepage: http://www.samba.org

Links


Download "winbind"


Other versions of "winbind" in Focal

Repository Area Version
base main 2:4.11.6+dfsg-0ubuntu1
updates main 2:4.15.13+dfsg-0ubuntu0.20.04.8

Changelog

Version: 2:4.13.17~dfsg-0ubuntu1.20.04.5 2023-01-27 00:07:02 UTC

  samba (2:4.13.17~dfsg-0ubuntu1.20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple regressions (LP: #2003867) (LP: #2003891)
    - debian/patches/series: disable all security fixes from the previous
      update pending further investigation. This reverts the following
      CVEs: CVE-2022-3437, CVE-2022-42898, CVE-2022-45141, CVE-2022-38023,
      CVE-2022-37966, CVE-2022-37967.

 -- Marc Deslauriers <email address hidden> Thu, 26 Jan 2023 09:03:40 -0500

Source diff to previous version
2003867 Samba user home path not accessible if directory added after %U - canonicalize_connect_path failed
2003891 Can not authenticate on Windows after upgrading samba AD packages to version 2:4.13.17~dfsg-0ubuntu1.20.04.4
CVE-2022-3437 Buffer overflow in Heimdal unwrap_des3()
CVE-2022-42898 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability.

Version: 2:4.13.17~dfsg-0ubuntu1.20.04.4 2023-01-24 15:07:37 UTC

  samba (2:4.13.17~dfsg-0ubuntu1.20.04.4) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in Heimdal unwrap_des3()
    - debian/patches/CVE-2022-3437-*.patch
    - CVE-2022-3437
  * SECURITY UPDATE: Buffer overflow vulnerabilities on 32-bit systems
    - debian/patches/CVE-2022-42898-*.patch
    - CVE-2022-42898
  * SECURITY UPDATE: Samba AD DC can be forced to issue rc4-hmac encrypted
    Kerberos tickets
    - debian/patches/CVE-2022-45141-*.patch
    - CVE-2022-45141
  * SECURITY UPDATE: RC4/HMAC-MD5 NetLogon Secure Channel is weak and
    should be avoided
    - debian/patches/CVE-2022-38023-*.patch
    - CVE-2022-38023
  * SECURITY UPDATE: rc4-hmac Kerberos session keys issued to modern servers
    - debian/patches/CVE-2022-3796x-*.patch
    - CVE-2022-37966
  * SECURITY UPDATE: Kerberos constrained delegation ticket forgery
    possible against Samba AD DC
    - debian/patches/CVE-2022-3796x-*.patch
    - CVE-2022-37967
  * debian/patches/win-22H2-fix.patch: split git-style patch into three
    individual patches so that it can be manipulated properly with quilt.
  * debian/patches/CVE-2022-44640-*.patch: Heimdal issue that did not
    affect Samba, but patches included for completeness.

 -- Marc Deslauriers <email address hidden> Wed, 11 Jan 2023 11:12:16 -0500

Source diff to previous version
CVE-2022-3437 Buffer overflow in Heimdal unwrap_des3()
CVE-2022-42898 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-3796 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that i
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability.
CVE-2022-44640 Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Cen

Version: 2:4.13.17~dfsg-0ubuntu1.20.04.1 2022-08-01 14:06:23 UTC

  samba (2:4.13.17~dfsg-0ubuntu1.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: MaxQueryDuration not honoured in Samba AD DC LDAP
    - debian/patches/CVE-2021-3670-*.patch
    - CVE-2021-3670
  * SECURITY UPDATE: Samba AD users can bypass certain restrictions
    associated with changing passwords
    - debian/patches/CVE-2022-2031-*.patch
    - CVE-2022-2031
  * SECURITY UPDATE: Server memory information leak via SMB1
    - debian/patches/CVE-2022-32742-*.patch
    - CVE-2022-32742
  * SECURITY UPDATE: Samba AD users can forge password change requests for
    any user
    - debian/patches/CVE-2022-2031-*.patch
    - CVE-2022-32744
  * SECURITY UPDATE: Samba AD users can crash the server process with an
    LDAP add or modify request
    - debian/patches/CVE-2022-32745_6-*.patch
    - CVE-2022-32745
  * SECURITY UPDATE: Samba AD users can induce a use-after-free in the
    server process with an LDAP add or modify request
    - debian/patches/CVE-2022-32745_6-*.patch
    - CVE-2022-32746
  * debian/control: Build-Depends on ldb security update.
  * Fix version string to match focal.

 -- Marc Deslauriers <email address hidden> Mon, 18 Jul 2022 08:52:26 -0400

Source diff to previous version
CVE-2021-3670 MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2022-2031 Samba AD users can bypass certain restrictions associated with changing passwords
CVE-2022-32742 Server memory information leak via SMB1
CVE-2022-32744 Samba AD users can forge password change requests for any user
CVE-2022-32745 Samba AD users can crash the server process with an LDAP add or modify request
CVE-2022-32746 Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request

Version: 2:4.13.17~dfsg-0ubuntu0.21.04.1 2022-02-01 12:06:28 UTC

  samba (2:4.13.17~dfsg-0ubuntu0.21.04.1) focal-security; urgency=medium

  * Update to 4.13.17 as a security update
    - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
  * Removed patches included in new version:
    - debian/patches/trusted_domain_regression_fix.patch
    - debian/patches/bug14901-*.patch
    - debian/patches/bug14922.patch

 -- Marc Deslauriers <email address hidden> Mon, 31 Jan 2022 08:11:13 -0500

Source diff to previous version
CVE-2021-43566 All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area o
CVE-2021-44142 Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution
CVE-2022-0336 Samba AD users with permission to write to an account can impersonate arbitrary services

Version: 2:4.13.14+dfsg-0ubuntu0.20.04.4 2021-12-13 21:07:23 UTC

  samba (2:4.13.14+dfsg-0ubuntu0.20.04.4) focal-security; urgency=medium

  * SECURITY REGRESSION: Kerberos authentication on standalone server in
    MIT realm broken
    - debian/patches/bug14922.patch: fix MIT Realm regression in
      source3/auth/user_krb5.c.

 -- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:12:25 -0500




About   -   Send Feedback to @ubuntu_updates